Configure SAML single sign-on with Okta
You can configure your ExtraHop system to enable users to log in to the system through the Okta identity management service.
Before you begin
- You should be familiar with administering Okta. These procedures are based on the Okta Classic UI. If you are configuring Okta through the Developer Console, the procedure might be slightly different.
- You should be familiar with administering ExtraHop systems.
These procedures require you to copy and paste information between the ExtraHop Admin UI and the Okta Classic UI, so it is helpful to have both UIs open side by side.
Enable SAML on the ExtraHop system
- Log in to the Administration page on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
- In the Access Settings section, click Remote Authentication.
- From the Remote authentication method drop-down list, select SAML.
- Click Continue.
- Click View SP Metadata. You will need to copy the ACS URL and Entity ID to paste into the Okta configuration in the next procedure.
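The following is an added example, not part of the ExtraHop documentation: a check that pulls the ACS URL and Entity ID out of SP metadata and validates them before they are pasted into Okta. It assumes the metadata is available as standard SAML 2.0 metadata XML; the sample document, the host extrahop.example.com, and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample; extrahop.example.com and both URLs are placeholders.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://extrahop.example.com/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://extrahop.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def extract_sp_values(metadata_xml, expected_host):
    """Return (entity_id, acs_url); raise ValueError if a value looks wrong."""
    # SAML metadata never needs a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("metadata must not contain a DTD or entity declarations")
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % MD_NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    entity_id = (root.get("entityID") or "").strip()
    if not entity_id:
        raise ValueError("entityID attribute is missing")
    acs_urls = [
        el.get("Location", "").strip()
        for el in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", MD_NS)
        if el.get("Binding") == HTTP_POST
    ]
    # Assumption of this example: one unambiguous endpoint to hand to the IdP.
    if len(acs_urls) != 1:
        raise ValueError("expected one HTTP-POST ACS endpoint, found %d" % len(acs_urls))
    acs = urlparse(acs_urls[0])
    # The IdP posts signed assertions here, so it must be TLS on the intended host.
    if acs.scheme != "https":
        raise ValueError("ACS URL must use https")
    if acs.hostname != expected_host.lower():
        raise ValueError("ACS host %r does not match %r" % (acs.hostname, expected_host))
    return entity_id, acs_urls[0]


if __name__ == "__main__":
    print(extract_sp_values(SAMPLE_SP_METADATA, "extrahop.example.com"))
```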
Configure SAML settings in Okta
This procedure requires you to copy and paste information between the ExtraHop Admin UI and the Okta Classic UI, so it is helpful to have both UIs open side by side.
Configure user privilege attributes in Okta
You must add ExtraHop privilege attributes to Okta. These attributes enable you to assign write-level, detections-level, and packet-level access to your Okta users. You need to configure user privilege attributes only once in your Okta environment. These attributes can then be assigned to any Okta user profile.